DEV Community

Ajit Singh for This is Learning

Posted on • Updated on

Provide AWS access across services using roles

Some AWS services require access across services because they need to perform an action on that service. Whenever that happen our AWS web services are treated like a user and need to given permission to other services. Roles provide you this functionality and allow users of other accounts to use our services.

The most common use of this is to provide the EC2 service access to other services. We will learn more about EC2 service later on. Let's start

  • Go to AWS IAM console same as in the user creation article

  • After that click on roles from the left menu bar
    Roles Menu

  • Click on create role
    Create role button

  • Once you click on create role there will be four options available

    • AWS Service
    • Another AWS Account
    • Web Identity
    • SAML 2.0 federation for a basic understanding of the service let us ignore the last three for now and focus on the first one. Once you select the first one you will see a list of services that can be provided access. Let us select EC2 it is most common use case for creating roles. Click on next:permissions. Role options
  • Now we select policies(permission) as we selected while creating user. For this tutorial let's give S3 readonly access to our EC2 service. With the policy AmazonS3ReadOnlyAccess(We will study more about the S3 service later on) and click on Next:Tags.

    Role Policies

  • Now we can add tags to our role to better identify roles via these tags

    Role Tags

  • Finally in review screen we can review everything and add a role name. Click on create role after reviewing everything. A role is created now for our EC2 instance has S3 read access.

    Role Review

Top comments (2)

Collapse
 
avinashdalvi_ profile image
Avinash Dalvi

Good explanatory article.

Collapse
 
ajitsinghkaler profile image
Ajit Singh

Thanks